CVE-2017-6130

EUVD-2017-15195
F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
f5ssl_intercept_iapp
1.5.0
f5ssl_intercept_iapp
1.5.7
f5ssl_orchestrator
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.f5.com/csp/article/K23001529
https://support.f5.com/csp/article/K23001529